From: "Laszlo Ersek" <lersek@redhat.com>
To: "Ni, Ray" <ray.ni@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Dong, Eric" <eric.dong@intel.com>
Cc: "Lou, Yun" <yun.lou@intel.com>
Subject: Re: [edk2-devel] [PATCH v2] UefiCpuPkg/MpInitLib: Add check for CR3/GDT/IDT.
Date: Fri, 4 Sep 2020 08:47:45 +0200 [thread overview]
Message-ID: <11c5546f-6f5c-e7c6-207e-1c442191da4e@redhat.com> (raw)
In-Reply-To: <BY5PR11MB4007B4B0A75F5C87A1731A988C2D0@BY5PR11MB4007.namprd11.prod.outlook.com>
On 09/04/20 03:34, Ni, Ray wrote:
> Why do we need a new PCD to control such check? Under what circumstance the PCD is false?
Under *all* circumstances, except when the platform wants to be
compatible with the UEFI application that manually moves the GDT or IDT
or CR3 above 4GB.
To repeat my earlier point: I consider the actions of this UEFI
application *invalid*. The UEFI spec does not authorize UEFI
applications to mess with low level concepts such as IDT / GDT / CR3.
All that stuff belongs to platform / DXE drivers. So if a UEFI
application messes with them anyway, breakage is *expected*.
In other words, I consider this patch to be adding compatibility with an
invalid UEFI application. That's fine (I assume Eric has a good reason
for asking for this compatibility -- must be an important or high
profile application), but we should *not* pessimize other platforms.
This is the reason for the Feature PCD -- on platforms that do not care
about compatibility with this application, the compiler should be able
to optimize away all this IDTR / GDTR / CR3 checking.
> We may need to move such check out of MpLib.c.
Yes, I agree. Minimally, it should go into the DXE instance of
MpInitLib. Another option is to move it out to CpuDxe.
> Because when bps runs at 32bit mode, AP doesn’t need to switch to long mode, such check is not needed and also always passes.
Yes, that's a further possible refinement. Restrict the logic to
FeaturePCD && DXE && X64
> We should not assume PEI runs at 32 bit mode.
The PEI phase is irrelevant here -- by the time the UEFI application
runs, PEI is gone. So indeed PEI components / lib instances should not
be changed in any way.
(Note: as I said earlier, if someone can show that edk2 *itself* has
this problem, that is, GDT / IDT / CR can be set above 4GB *without*
using this particular UEFI shell application, then we have a more
serious problem. But in that case, it's not MpInitLib or the MP services
protocol that we need to fix -- instead, we need to fix the
*allocations* / placements themselves, so that they be under 4GB.)
Thanks
Laszlo
>
> ________________________________
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Laszlo Ersek <lersek@redhat.com>
> 发送时间: Friday, September 4, 2020 3:55:47 AM
> 收件人: Dong, Eric <eric.dong@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
> 抄送: Ni, Ray <ray.ni@intel.com>
> 主题: Re: [edk2-devel] [PATCH v2] UefiCpuPkg/MpInitLib: Add check for CR3/GDT/IDT.
>
> On 09/03/20 21:00, Laszlo Ersek wrote:
>
>> (10) More importantly, ValidCR3GdtIdtCheck() should not be called in the
>> Worker functions for StartupAllAPs, StartupThisAP, SwitchBSP, and
>> EnableDisableAP, in "UefiCpuPkg/Library/MpInitLib/MpLib.c".
>>
>> Instead, the calls should be made in the DXE instance of the library
>> ("UefiCpuPkg/Library/MpInitLib/DxeMpLib.c"), at the very top of the
>> functions:
>>
>> - MpInitLibStartupAllAPs
>> - MpInitLibStartupThisAP
>> - MpInitLibSwitchBSP
>> - MpInitLibEnableDisableAP
>>
>> Here's why:
>>
>> (a) The symptom does not affect the PEI phase -- by the time the UEFI
>> application is executed, the PEI phase has ended; there's no need to
>> modify the PEI instance of the library.
>>
>> (b) The currently proposed failure exits are too late. For example, in
>> the SwitchBSPWorker() function, by the time we exit, we have called
>> DisableApicTimerInterrupt(), SaveAndDisableInterrupts(), and
>> DisableLvtInterrupts() -- and the error path does not restore the
>> original environment.
>>
>> (c) According to the PI spec (v1.7), the StartupAllAPs(),
>> StartupThisAP(), SwitchBSP(), EnableDisableAP() member functions of
>> EFI_MP_SERVICES_PROTOCOL may only be called on the (current) BSP.
>> Because of this, it is OK to call ValidCR3GdtIdtCheck() as the very
>> first action in the above-listed DxeMpLib functions.
>>
>> (Assuming the protocol members are called from an AP, and consequently
>> we check CR3 / GDTR / IDTR on the AP (and not on the BSP), that's the
>> *caller's* fault, per spec!)
>
> This means we can move the ValidCr3GdtIdtCheck() function to
> "DxeMpLib.c", and it is not necessary to modify "MpLib.h".
>
> Thanks
> Laszlo
>
>
>
>
next prev parent reply other threads:[~2020-09-04 6:47 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-03 15:11 [PATCH v2] UefiCpuPkg/MpInitLib: Add check for CR3/GDT/IDT Dong, Eric
2020-09-03 19:00 ` Laszlo Ersek
2020-09-03 19:55 ` Laszlo Ersek
2020-09-04 1:34 ` [edk2-devel] " Ni, Ray
2020-09-04 2:00 ` Dong, Eric
2020-09-04 2:18 ` 回复: " vanjeff_919
2020-09-04 2:27 ` Dong, Eric
2020-09-04 3:09 ` Yao, Jiewen
2020-09-04 6:50 ` Laszlo Ersek
2020-09-04 6:58 ` 回复: " Laszlo Ersek
2020-09-04 7:32 ` 回复: " Fan Jeff
2020-09-04 8:06 ` Yao, Jiewen
2020-09-04 8:36 ` Laszlo Ersek
2020-09-05 12:30 ` Yao, Jiewen
2020-09-05 13:50 ` Dong, Eric
2020-09-07 9:22 ` Laszlo Ersek
2020-09-04 8:43 ` 回复: " Fan Jeff
2020-09-04 8:23 ` Laszlo Ersek
2020-09-04 6:47 ` Laszlo Ersek [this message]
2020-09-04 2:00 ` Dong, Eric
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=11c5546f-6f5c-e7c6-207e-1c442191da4e@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox